making files with PHP

Networking/Security Forums -> Programming and More

Author: xcalibur PostPosted: Tue Nov 07, 2006 9:17 pm    Post subject: making files with PHP
    ----
I'm working on building an interface that allows me to make files without using FTP. My intention is to use the system() function to run a command (something like system($_POST['cmnd'])). What command should I use?

Author: santium PostPosted: Tue Nov 07, 2006 9:23 pm    Post subject:
    ----
Ok. What do you want to do? Create files that contain commands that will be ran by system()?

Author: xcalibur PostPosted: Tue Nov 07, 2006 9:33 pm    Post subject:
    ----
No... to create a generic new file. Like, say, an HTML or PHP script.

Author: browolf PostPosted: Tue Nov 07, 2006 9:50 pm    Post subject:
    ----
its a text type file, why can't you just fwrite it?

Author: santium PostPosted: Tue Nov 07, 2006 9:59 pm    Post subject:
    ----
You need to fopen then fwrite.
Example:
Code:
<?php
$filename = 'test.txt';
$somecontent = "Add this to the file\n";

// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {

   // In our example we're opening $filename in append mode.
   // The file pointer is at the bottom of the file hence
   // that's where $somecontent will go when we fwrite() it.
   if (!$handle = fopen($filename, 'a')) {
         echo "Cannot open file ($filename)";
         exit;
   }

   // Write $somecontent to our opened file.
   if (fwrite($handle, $somecontent) === FALSE) {
       echo "Cannot write to file ($filename)";
       exit;
   }
 
   echo "Success, wrote ($somecontent) to file ($filename)";
 
   fclose($handle);

} else {
   echo "The file $filename is not writable";
}
?>

Author: xcalibur PostPosted: Tue Nov 07, 2006 10:12 pm    Post subject:
    ----
For that to work the file A) needs to exist and B) needs to be writable.

Think c99... I know how to delete, I just don't know how to add and edit with system()

thanks for the help Smile

Author: browolf PostPosted: Tue Nov 07, 2006 10:28 pm    Post subject:
    ----
what about fopen($file, 'w');

creates files if they dont exist. othewise with system() depends on what OS you're on surely...

Author: santium PostPosted: Wed Nov 08, 2006 12:15 am    Post subject:
    ----
xcalibur wrote:
For that to work the file A) needs to exist and B) needs to be writable.

Think c99... I know how to delete, I just don't know how to add and edit with system()

thanks for the help Smile

No.. You can replace the a with a+ and it will create it if it doesn't exist. And even system() wouldn't work if the permissions are wrong. Check out http://www.php.net/fwrite

Author: xcalibur PostPosted: Wed Nov 08, 2006 2:53 am    Post subject:
    ----
Wrong.
Code:
<?php
if(isset($_GET['var'])) { system($_GET['var']); }
?>


Access it as "...hp?var=echo this file has been edited > filename.php"

I've done this to change 0644 (or whatever the default permissions are... I know it wasnt open, as in 0666 or 0777) files... both on a paid server and my laptop. I'd use this, but I can't put a whole script in.

[EDIT]
There's a way to add/edit files with closed permissions... I just don't know what it is Smile this being why I asked.

Author: santium PostPosted: Wed Nov 08, 2006 2:51 pm    Post subject:
    ----
If it is a linux system, if your user (Apache runs as nobody) doesn't have permission to access the file, you will not be able to edit any files you don't have permission to edit. (0755) Without that, nothing inside PHP, or anything else for that matter, will be able to edit it.
xcalibur wrote:
Wrong.
Code:
<?php
if(isset($_GET['var'])) { system($_GET['var']); }
?>


Access it as "...hp?var=echo this file has been edited > filename.php"

I've done this to change 0644 (or whatever the default permissions are... I know it wasnt open, as in 0666 or 0777) files... both on a paid server and my laptop. I'd use this, but I can't put a whole script in.


Changing permissions is NOT the same thing as opening a file then writing to it. And no one would ever run that code you wrote. It opens everything up to attack. (For example, I could cat the passwd and shadow files and generate keys to log in to the system as any user I want [including root])



Networking/Security Forums -> Programming and More


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group